One Time Password (OTP) Authentication
One Time Passwords (OTPs) make a great additional method for authenticating to your own workstation or for your users to connect to your servers. They are also mighty helpful for sysadmins who (should) typically use an SSH public key to authenticate to their servers, but find that when crunch time arrives they do not have that special USB key or smartcard physically on them that lets them into their systems.
Traditional static password authentication is open to brute force attacks, which puts people off; but the worry of locking yourself out of your own equipment when you do not have your SSH key on you is probably more worrying still. As a result many sysadmins bite their lip and permit password based authentication into their kit.
Well, now you can stop: OTPs are here to save the day.
In the past, when authentication used to be done in plaintext, some clever folk put together a system (RFC2289) with the following properties:
- it did not matter if someone sniffing your network traffic captured your authentication token at the time
- it did not matter if there was a keyboard logger on the terminal the user used
- the passwords are effectively not brute-forceable
At the time the user was given a printout of a sequence of passwords that they would work through, so that once the next one in the sequence had been used successfully it could never be used again and was crossed off the list. If the user had access to a local computer system with an OTP 'calculator', they could generate it on demand (if they could be trusted to remember the shared secret that only they and the server know). More recently this concept has been extended to key fobs (such as RSA key generating tokens), but obviously these are expensive to deploy and maintain.
Some clever people noticed that with everyone owning JavaME/J2ME (CLDC)/midlet capable mobile phones (1), why not get the phone to generate the OTP?
After a lot of digging around, the only good J2ME OTP calculator (2) I have found is jFreeSafe. I have chosen it because it:
- supports multiple OTP profiles, so you can have more than one OTP sequence calculated by the phone
- remembers and automatically decrements the seed and sequence number used
- you use a password to unlock the application when you load it
- automatically closes itself when idling out
- can be used to store passwords and other useful information too
- encrypts everything
To install it is dead easy, on your WAP enabled mobile phone simply browse to:
http://freesafe.sourceforge.net/jfreesafe.jad
Some phones, the Samsung D500 is one, might sulk when trying to use the above link, so if it does not work you might instead want to try my mirrored copy instead at:
http://chipmunk.wormnet.eu/jfreesafe.jad
Once installed, when you run it you will be prompted for a passphrase that is used to encrypt and lock the data it stores; it is used in the same way as the passphrase that unlocks your SSH keypair, so it is recommended you make it a relatively strong one.
Server OTP Prerequisites
For Debian, all you need to do is type:
# aptitude install libpam-opie opie-server
It seems that the equivalent Red Hat/OpenSUSE package is called 'opie', so you will need to install that with whatever RPM manglement tool you do business with.
Now tinkering with '/etc/ssh/sshd_config', you need to set the following lines for a secure setup and then restart 'sshd':
# typical secure install settings
# (try to use all these settings if possible)
Protocol 2
UsePrivilegeSeparation yes
PermitRootLogin no
StrictModes yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
# these are both needed for OTP based authentication to work
UsePAM yes
ChallengeResponseAuthentication yes
Now, there is a slight issue here: enabling 'UsePAM' and 'ChallengeResponseAuthentication' can lead to re-enabling password authentication. This is because the SSH daemon's PAM configuration file ('/etc/pam.d/sshd') includes '/etc/pam.d/common-auth', which says that the user's password is required for authentication. Eek! This is trivially fixed by amending '/etc/pam.d/sshd' to show:
# Standard Un*x authentication.
#@include common-auth
auth required pam_opie.so
You can see that we have commented out the reference to 'common-auth' and listed that (effectively) only 'pam_opie' may be used as an authentication mechanism. When you try SSHing into your system now with an invalid username you should get something like this:
alex@berk:~$ ssh chipmunk.wormnet.eu -l fdjqkl
otp-md5 395 ch5941 ext, Response:
otp-md5 478 ch2949 ext, Response:
otp-md5 46 ch7215 ext, Response:
Permission denied (publickey,keyboard-interactive).
Now you will notice those 'otp-md5' lines appearing, which will probably look strange to you. Do not worry: it shows that the OTP system is working fine, and as a mechanism to prevent leaking which usernames exist, the system is faking an OTP challenge for the unknown account.
Congratulations, if you are seeing those 'otp-md5' entries your system is correctly configured, now you just need to learn how to use it.
Using OTP's
The OTP system that OPIE provides is based on RFC2289, so when you reach the 'password' prompt you will see something like:
otp-md5 395 ch5941 ext, Response:
As a quick breakdown, 'otp-md5' means that you are using an OTP that uses MD5 based hashing (3). The '395' is the 'sequence number' whilst 'ch5941' refers to the 'seed'.
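To make the challenge concrete, here is an added example (not code from the original article, OPIE or jFreeSafe) that implements the RFC2289 otp-md5 computation behind that prompt: the calculator side answers an 'otp-md5 N seed' challenge from the secret passphrase, and the server side checks a response by hashing it once more against the value it stored for sequence N+1, then stores the response and decrements N. It is checked against the MD5 test vectors from RFC2289 Appendix C; the /etc/opiekeys and replay remarks in the comments are the usual S/Key behaviour, which this code models rather than reads from disk.

```python
import hashlib
import hmac
import re

# Challenge as printed by the OPIE PAM module, e.g. "otp-md5 395 ch5941 ext"
CHALLENGE_RE = re.compile(r"^otp-md5\s+(\d+)\s+([A-Za-z0-9]{1,16})\b")


def _fold(digest: bytes) -> bytes:
    """RFC 2289 folding for MD5: XOR the two 8-byte halves of the 16-byte digest."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))


def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """Raw 64-bit otp-md5 value for sequence number 'count' (RFC 2289 section 6):
    hash the lower-cased seed + secret passphrase, then hash-and-fold 'count' times."""
    value = _fold(hashlib.md5((seed.lower() + passphrase).encode()).digest())
    for _ in range(count):
        value = _fold(hashlib.md5(value).digest())
    return value


def response_hex(passphrase: str, seed: str, count: int) -> str:
    """Response in the hex form a calculator shows, e.g. '9E87 6134 D904 99DD'."""
    h = otp_md5(passphrase, seed, count).hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))


def answer_challenge(challenge: str, passphrase: str) -> str:
    """Calculator side: parse 'otp-md5 N seed' and compute the response for N."""
    m = CHALLENGE_RE.match(challenge)
    if not m:
        raise ValueError("not an otp-md5 challenge: %r" % challenge)
    return response_hex(passphrase, m.group(2), int(m.group(1)))


def server_verify(stored_hex: str, stored_count: int, response: str):
    """Server side (modelled on what OPIE keeps per user in /etc/opiekeys): the stored
    value is the OTP for 'stored_count'; the user must present the OTP for
    stored_count - 1, which hashed-and-folded once more must equal the stored value.
    On success the response becomes the new stored value and the count drops by one,
    so a sniffed response cannot be replayed.  Returns (ok, new_stored_hex, new_count)."""
    if stored_count <= 0:  # sequence exhausted: only opiepasswd can revive it
        return False, stored_hex, stored_count
    try:  # responses are whitespace and case insensitive
        resp = bytes.fromhex(response.replace(" ", ""))
    except ValueError:
        return False, stored_hex, stored_count
    expected = bytes.fromhex(stored_hex.replace(" ", ""))
    if len(resp) == 8 and hmac.compare_digest(_fold(hashlib.md5(resp).digest()), expected):
        return True, resp.hex().upper(), stored_count - 1
    return False, stored_hex, stored_count
```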
Configuring Your User Account
To configure your user account for OTP authentication you will need to SSH into the system and then generate a shared secret to use. The following method is shamelessly stolen from Aaron Hawley; I recommend you endure typing a brutal 16 character password into your phone, as it will only be a one-off:
alex@chipmunk:~$ tr -dc "[:alnum:][:punct:]" < /dev/urandom | head -c 16 && echo
`NzzmD?aJGbXP5e
Now run 'opiepasswd' as follows, using the secret passphrase you generated above:
alex@chipmunk:~$ opiepasswd -c -f
Adding alex:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:
ID alex OTP key is 499 ch5734
NEON MET SIP FUSE ARID WORM
alex@chipmunk:~$
Do not worry about the strange six word final line (read the, honest, easily digestible RFC if you are curious) but notice the seed is 'ch5734' whilst the sequence number is '499' (well actually it is now 498 as the system has just shown you the result for 499).
Configuring jFreeSafe and Logging In
- open jFreeSafe on your mobile phone
- click on the more/menu button and select 'Add' from the menu
- you are given a number of object types to choose from, pick 'OTP'
- fill in the fields as follows:
name: the reference name you want to give the entry in jFreeSafe
system name: the FQDN of your system, for example 'server.example.com'
user name: the username of your account on the system
password: the secret passphrase you generated above from the command line that you dropped into 'opiepasswd'
sequence: set to '498', as when you ran 'opiepasswd' it used and showed you sequence number '499' already
seed: set to the seed value given by 'opiepasswd' given above, here we got 'ch5734', obviously yours will be different
hash type: select 'MD5', which should already be selected
- select 'Ok' to store your new OTP profile settings
That's everything set up, you now should be able to SSH into your server using your OTP.
When you SSH in, load jFreeSafe, open the relevant OTP profile and check that the sequence number and seed your server throws back at you in its challenge match what jFreeSafe shows; amend them if necessary. Then open menu/more and select 'Calculate OTP'. You will be given a 16 character hexadecimal password to enter as your challenge response; the response is not sensitive to whitespace and is not case sensitive. If things match up correctly you will log in. Next time you log in you will notice that the sequence number has decremented by one and the next password jFreeSafe generates will be quite different.
OTP Maintenance
Sequence Number is Zero
You might be wondering what happens when your OTP sequence number reaches zero... well, you have probably guessed correctly that you will no longer be able to log in. What you need to do, before the sequence number reaches zero, is run 'opiepasswd' like so:
alex@chipmunk:~$ opiepasswd
Updating alex:
You need the response from an OTP generator.
Old secret pass phrase:
otp-md5 497 ch4229 ext
Response: 0123456789abcdef
New secret pass phrase:
otp-md5 499 ch4230
Response: fedcba9876543210
ID alex OTP key is 499 ch4230
BRAG PIE MOO LYLE CAT PIE
You will notice that after it confirms the next OTP in your current sequence, it then resets the seed to something new and rolls the sequence number back to 499. You then amend your profile in jFreeSafe to reflect these new settings, type in the challenge response for your new OTP sequence and you are back in action.
N.B. it is obviously crucial that you reset your seed and sequence as shown above before you reach zero; once at zero your OTP sequence will be dead and you will be unable to use it to log in.
Reinitialising your OTP
If you have lost your OTP password settings altogether then you will need to start over again. This is trivially done by editing '/etc/opiekeys' and removing the line that refers to the username of your account. Once that line is removed you will be able to run 'opiepasswd -c -f' as you did before and start again from scratch.
(1) your phone has to be from circa 2003ish to not be compatible
(2) apparently there are PalmOS, Windows Mobile and iPhone OTP calculators too, but make sure you find one that supports multiple OTP profiles and is RFC2289 compliant
(3) other possibilities are MD4 and SHA1, however OPIE only implements MD5